Reference Guide
Security Management Server - AdminHelp v9.8
Event Data
Event data displays below the map about the events represented on the map. Narrow the amount of data
displayed by using the + icon in the upper left corner of the map to zoom in. Expand the amount of data
displayed by using the - icon in the upper left corner of the map to zoom out.
Filter the event data with the following fields, which are immediately below the map:
Event Type - Dell Data Guardian Cloud Encryption, Protected Office, or Beacon
Timestamp - Event date and time
Device - Device type and identifier (hostname, serial number, IMEI/MEID, CDN)
User - User name in UPN format
File KeyID - GUID that identifies the key used to protect the file
File Name - File name with extension
Action - File action that triggered the event
Dell Data Guardian Action - Action taken by Dell Data Guardian, based on policy and the file action that
triggered the event
Select columns to display from the drop-down Columns list.
Export Events to a SIEM/Syslog Server
Integrating with a SIEM/syslog server allows administrators to run customized analytics on threat and audit
data within their environments. Security Management Server and Security Management Server Virtual
support export of Advanced Threat Prevention and Data Guardian events.
To export audit events to a syslog server or to a local file:
1. In the left pane of the Remote Management Console, click Management > Services
Management.
2. Select the Events Management tab.
3. Select the appropriate option(s):
Export to Local File allows you to export audit events to a file. Enter the location in which
to store the file. This option also provides a backup of the audit events database.
Export to Syslog lets you specify the syslog server to which to export the file. If TCP
protocol is not selected, select it.
4. Click the Save Preferences button.
Export Audit Events with TLS/SSL over TCP
To use TLS/SSL, the syslog server must be configured to listen for TLS/SSL messages. The root certificate
used for the syslog server configuration must be added to the Dell Server Java keystore.
The following example shows necessary configurations for a Splunk server with default certificates.
Configurations are specific to individual environments. Property values vary when using non-default
certificates.
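Added example (not part of the Dell documentation): a Python pre-check for the two requirements above, run before saving the export preferences. It confirms that the syslog listener answers with TLS and that its certificate chains to the root certificate intended for the Dell Server Java keystore. The function name, status labels, and command-line arguments are assumptions of this example.

```python
import socket
import ssl
import sys


def check_syslog_tls(host, port, root_pem=None, check_hostname=True, timeout=5.0):
    """Return (status, detail); status is 'ok', 'untrusted', 'no-tls' or 'unreachable'."""
    # Trust only the supplied root PEM (the certificate destined for the keystore).
    # With root_pem=None the system trust store is used instead.
    ctx = ssl.create_default_context(cafile=root_pem)
    # Assumption: pass check_hostname=False when the server certificate's
    # subject is not expected to match the host name you connect to.
    ctx.check_hostname = check_hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # Handshake and chain validation both succeeded.
                return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Listener speaks TLS, but its chain does not verify against root_pem.
        return "untrusted", exc.verify_message
    except ssl.SSLError as exc:
        # Something answered, but not with a valid TLS handshake
        # (for example a plain TCP syslog input on that port).
        return "no-tls", getattr(exc, "reason", None) or str(exc)
    except OSError as exc:
        # Refused, timed out, or name resolution failed.
        return "unreachable", str(exc)


if __name__ == "__main__":
    # Usage: python check_syslog_tls.py <host> <port> <root-cert.pem>
    host, port, pem = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    status, detail = check_syslog_tls(host, port, root_pem=pem)
    print(f"{host}:{port} -> {status} ({detail})")
    sys.exit(0 if status == "ok" else 1)
```

A result of "untrusted" means the PEM file is not the root that issued the listener's certificate; "no-tls" means the port is not configured for TLS/SSL.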
1. Configure the Splunk server to use the Splunk Server certificate and root certificate to listen on TCP
for TLS/SSL messages:
$SPLUNK_HOME\etc\system\local\inputs.conf